Self Assessment Tools


The main goal of the tool is to provide a simple and quick tool for cyber risk self-assessment. The tool requires two types of input: information about security measures and information about key assets of the enterprise. When all inputs are provided, the tool estimates the expected annual losses for every relevant threat and a total one. The output is to be available when the input information is correctly provided.







Data aggregation - information on the average answers received for the complete questionnaire are shown below.

1.63.24.86.37.99.5Information security (IS) policyOrganization of ISHuman resource securityAsset managementAccess controlCryptographyPhysical/environmental securityOperations securityCommunications securitySystem development/maintenanceSupplier relationshipsIS incident managementIS aspects of BusinessCompliance16.01999940872192212.937512.83015036044716911.82600009322166412.4958122316030659.52000017166137612.95280053511858611.13669010411336810.78606053042650710.8229004422485858.64800008535384510.14799996376037710.458800381851210.913760264059306

Average values of compliance for every category in the questionnaire

Are requirements for confidentiality or non-disclosure agreements reflecting the organization?s needs for the protection of information identified and documented?

1) No

31.25%

2) Yes

68.75%

How often are the policies reviewed?

1) once in half a year

17.39%

2) once a year

56.52%

3) once in two years

8.7%

4) once in five years

4.35%

5) more

0%

6) never

13.04%